[Esapi-user] Problems with esapi

Chris Schmidt chris.schmidt at owasp.org
Tue Mar 6 06:23:02 UTC 2012


Hi Jorg -

You have done everything correctly - the problem in this case is that
you have multiple versions of Log4J in your application classpath, and
the wrong one is being loaded. The simplest way to ensure this is your
error is to look at the war that maven builds, extract it and look in
the WEB-INF/lib directory, I am pretty sure you will see more than one
version of log4j there.

The simplest way to discover where your problem is - is to run mvn
dependency:tree and examine the dependency graph for your application.
You will want to look specifically for libraries which depend on log4j.
Once you have discovered the culprit, you can add an exclusion to your
pom.xml for the culprit

http://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html

Hopefully this will help you get things up and running - let us know if
you continue to experience problems.

On 3/4/2012 10:47 AM, Jörg Liedl wrote:
> Hi,
> I have a small Blog project programmed, and i want to improve all
> inputs and actions with the ESAPI.
>
> The project is JAVA EE6 on a JBoss-AS 7.1 using JSF
>
> I integrated esapi into my project with maven:
>
> <!-- ESAPI Version 2.0.1 -->
> <dependency>
>     <groupId>org.owasp.esapi</groupId>
>     <artifactId>esapi</artifactId>
>     <version>2.0.1</version>
> </dependency>
>
> i also included the .esapi folder in the server start (thats where i
> copied it)
>  -Dorg.owasp.esapi.resources=/home/joergi/.esapi/
>
> I looked at the ESAPI install guide (
> http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-install-guide.pdf
> ) and copied the example into my TestController.java..
> |@ManagedBean(name="testController")
> @RequestScoped
> public class TestController  {  
>
>     public String esapiTest(){
>
>     System.out.println("ESAPI.accessController found: " 
>                                + ESAPI.accessController());
>
>     return "ESAPI.accessController found: " + ESAPI.accessController();
>     }
> }|
>
> test.xhtml looks like this:
> <?xml version="1.0" encoding="UTF-8"?>
> <ui:composition xmlns="http://www.w3.org/1999/xhtml"
> xmlns:ui="http://java.sun.com/jsf/facelets"
> xmlns:h="http://java.sun.com/jsf/html">
> <ui:define name="content">
>     <h2>esapi test</h2>
>         <h:outputText value="#{testController.esapiTest()}" /> 
> </ui:define>
> </ui:composition>
>
> and i got this error message: http://pastebin.com/6an0awMc
>
> so i'm not really sure, if the integration is workig as it should work.
>
> because when i start the original swingset project, i got something like:
> |Seeking ESAPI.properties
>   Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI.properties
>   Found in 'user.home' directory: /home/joergi/.esapi/ESAPI.properties
> Loaded 'ESAPI.properties' properties file
> Seeking validation.properties
>   Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/validation.properties
>   Found in 'user.home' directory: /home/joergi/.esapi/validation.properties
> Loaded 'validation.properties' properties file
> Seeking ESAPI_logging_file
>   Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI_logging_file
>   Found in 'user.home' directory: /home/joergi/.esapi/ESAPI_logging_file|
>
> But in my project i don't see the "seeking esapi.properties" lines
> when the server starts...
>
> I briefly described my problem on stack overflow
>
> http://stackoverflow.com/questions/9543218/owasp-esapi-simpletest-in-a-maven-java-ee-project
>
> I don't know what i missed to integrate it...
>
> Thanks for your help
>
> Jörg
>
>
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20120305/1625e1fc/attachment.html>


More information about the Esapi-user mailing list